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DETAILED ACTION 
Response to Amendment 

1 . This Office Action is responsive to the amendment filed April 1 8, 2006, in which claims 
1,4, 43, 90, 96, 98,99 and 101 were amended. 

Response to Arguments 

2. Applicants' arguments filed April 1 8, 2006 have been fiilly considered but they are not 
persuasive. 

Applicants' argue, "Kausik et al. fails to teach or disclose the use of an intelligent token 
utilized to conduct a secure electronic transaction" and that Kausik et al. "teaches conducting 
electronic transactions without utilizing verifiable hardware". However, the examiner notes that 
Kausik et al. teach using physical tokens with the present invention. That is, Kausik et al. 
indicate, "the present invention could as be used in conjunction with a physical token, as 
desired" (see col. 4, lines 45-47), Therefore, Kausik et al. teach the features of Applicants' 
invention including "issuing a challenge to the user, wherein said challenge is passed to an 
intelligent token for processing said challenge, wherein said intelligent token generates a 
response to said challenge". 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-3, 43-45 and 90 are rejected under 35 U.S.C. 102(e) as being anticipated by 
U.S. Patent No. 6263446 to Kausik et al. 

Referring to claim 1, Kausik et al. disclose receiving at a first server (i.e. credential 
server), a transaction request from a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user, wherein said challenge is passed to an intelligent 
token for processing said challenge, (see claim 30 (b) - transmitting, to said requestor, a 
challenge; claim 34 - said transmitting is to a digital wallet of said requestor; col. 4, lines 35-46 
- the wallet could be installed onto the hard drive or other physical memory of the computer . . . 
the invention could also be used in conjimction with a physical token), wherein said intelligent 
token (i.e. physical token) generates a response to said challenge, receiving said response from 
the user based upon said challenge (see claim 30 (c) - receiving an answer to said challenge), 
processing said response to verify the intelligent token (see claim 30 (d) - determining that said 
answer satisfies said challenge ; claim 34 and col. 4-lines 35-46 - physical token), providing at 
least a portion of said assembled credentials to said user (see claim 30 (e) transmitting said 
authentication credential for said requestor and claim 32 - said credential is a private key), 
receiving, at a second server (i.e. access control server), a second request from said user, said 
second request including said portion of said assembled credentials provided to said user, and 
validating at said second server, said portion of said assembled credentials provided to said user 
with said key of said assembled credentials to provide access to a transaction service (see col. 3, 
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lines 43-49 & 61-63). As for assembling credentials for the transaction at said first server, said 
credentials comprising at least one key, this is an inherent step. Notice, Kausik et al. the 
authentication credential is in existence at said server prior to the request (see claim 30, (a) (i)), 
which implies that the credential has been created. Claim 32 discloses a credential that is a 
private key. 

Referring to claims 2 and 44, Kausik et al. disclose the transaction is an electronic 
purchase transaction (see col. 3, lines 22-24). 

Referring to claims 3 and 45, Kausik et al. disclose the electronic purchase transaction is 
conducted using a digital wallet (see claim 34). 

Referring to claim 43, Kausik et al. disclose receiving, at a first server (i.e. credential 
server), a transaction request fi-om a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user, wherein said challenge is passed to an intelligent 
token (i.e. physical token) for processing said challenge, (see claim 30 (b) - transmitting, to said 
requestor, a challenge; claim 34 - said transmitting is to a digital wallet of said requestor; col. 4, 
lines 35-46 - the wallet could be installed onto the hard drive or other physical memory of the 
computer ... the invention could also be used in conjunction with a physical token), wherein said 
intelligent token generates a response to said challenge, receiving said response fi"om the user 
based upon said challenge (see claim 30 (c) - receiving an answer to said challenge), processing 
said response to verify the intelligent token (see claim 30 (d) - determining that said answer 
satisfies said challenge ; claim 34 and col. 4-lines 35-46 - physical token), providing at least a 
portion of said assembled credentials to said user (see claim 30 (e) transmitting said 
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authentication credential for said requestor and claim 32 - said credential is a private key), 
receiving, at a second server (i.e. access control server), a second request from said user, said 
second request including said portion of said assembled credentials provided to said user, and 
validating at said second server, said portion of said assembled credentials provided to said user 
with said key of said assembled credentials to provide access to a transaction service (see col. 3, 
lines 43-49 & 61-63). As for assembling credentials for the transaction at said first server, said 
credentials comprising at least one key, this is an inherent step. Notice, Kausik et al. the 
authentication credential is in existence at said server prior to the request (see claim 30, (a) (i)), 
which implies that the credential has been created. Claim 32 discloses a credential that is a 
private key. 

Referring to claim 90, Kausik et al. disclose receiving at a first server (i.e. credential 
server), a transaction request from a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user, wherein said challenge is passed to an intelligent 
token (i.e. physical token) for processing said challenge, (see claim 30 (b) - transmitting, to said 
requestor, a challenge; claim 34 - said transmitting is to a digital wallet of said requestor; col. 4, 
lines 35-46 - the wallet could be installed onto the hard drive or other physical memory of the 
computer ... the invention could also be used in conjunction with a physical token), wherein said 
intelligent token generates a response to said challenge, receiving a response from the user based 
upon said challenge (see claim 30 (c) - receiving an answer to said challenge), processing said 
response to verify the intelligent token (see claim 30 (d) - determining that said answer satisfies 
said challenge ; claim 34 and col. 4-lines 35-46 - physical token), providing at least a portion of 
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said assembled credentials to said user (see claim 30 (e) transmitting said authentication 
credential for said requestor and claim 32 - said credential is a private key), receiving, at a 
second server (i.e. access control server), a second request from said user indicating readiness to 
complete the transaction, said second request including said portion of said assembled 
credentials provided to said user, and validating at said second server, said portion of said 
assembled credentials provided to said user with said key of said assembled credentials to 
thereby permit processing and completion of said transaction (see col. 3, lines 43-49 & 61-63). 
As for assembling credentials for the transaction at said first server, said credentials comprising 
at least one key, this is an inherent step. Notice, Kausik et al. the authentication credential is in 
existence at said server prior to the request (see claim 30, (a) (i)), which implies that the 
credential has been created. Claim 32 discloses a credential that is a private key. 

Claim Rejections - 35 USC§103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 4, 46 and 91-103 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kausik et al. as appHed to claims 1 and 90 above, and further in view of U.S. Patent No. 6873974 
to Schutzer. 

Referring to claims 4, 96 and 101, Kausik et al. disclose an intelligent token (see claim 1 
above - "physical token"). Kausik et al do not expressly disclose the intelligent token is a smart 
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card. Schutzer discloses the intelligent token is a smart card (see col. 9, lines 16-24). At the 
time the invention was made, it would have been obvious to a person of ordinary skill in the art 
to modify the method disclose by Kausik et al. to include an intelligent token that is a smart card. 
One of ordinary skill in the art would have been motivated to do this because smart cards are 
more secure than software wallets and they can be conveniently carried as the user roams (see 
Kausik et al. col. 1, lines 56-58). 

Referring to claim 46, Kausik et al. disclose a user conducts a transaction via a wallet 
(see claim 43 above). Kausik et al. do not expressly disclose the user conducts the transaction 
via a smart card. Schutzer discloses the user conducts the transaction via a smart card (see col. 9, 
liens 16-24). At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the method disclose by Kausik et al. to include the step 
wherein the user conducts the transaction via a smart card. One of ordinary skill in the art would 
have been motivated to do this because smart cards are more secure than software wallets and 
they can be conveniently carried as the user roams (see Kausik et al. col. 1, liens 56-58). 

Referring to claim 91, Kausik et al. disclose a user, and second server (see claim 90 
above). Kausik et al. do not expressly disclose accessing required information associated with 
said user from said second server, populating one or more corresponding user purchase forms at 
said second server with said required information and said second server providing said 
populated user purchase forms and an authorization response message to a merchant for 
processing and completion of said transaction. Schutzer discloses accessing required 
information associated with said user from said second server, populating one or more 
corresponding user purchase forms at said second server with said required information and said 
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second server providing said populated user purchase forms and an authorization response 
message to a merchant for processing and completion of said transaction (see col. 2, lines 15-27). 
At the time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to modify the method disclose by Kausik et al. to include the steps of accessing required 
information associated with said user from said second server, populating one or more 
corresponding user purchase forms at said second server with said required information and said 
second server providing said populated user purchase forms and an authorization response 
message to a merchant for processing and completion of said transaction. One of ordinary skill 
in the art would have been motivated to do this because it provides an electronic system that 
allows users to easily interact with merchants. 

Referring to claims 92, 93, 100 and 102, Kausik et al. disclose the transaction is an 
electronic purchase transaction and the transaction is a web-based purchase transaction (see col. 
3, lines 22-24). 

Referring to claims 94 and 95, Kausik et al. disclose the electronic purchase transaction is 
conducted using a digital wallet (see claim 34). 

Referring to claims 97 and 103, Kausik et al. disclose an electronic transaction system 
(see claim 91 above). Kausik et al. do not expressly disclose said required information includes 
user name, user address, shipping address, card number and payment amount. Schutzer disclose 
said required information includes user name, user address, shipping address, card number and 
payment amount (see abstract). At the time the invention was made, it would have been obvious 
to a person of ordinary skill in the art to modify the method disclose by Kausik to include said 
required information includes user name, user address, shipping address, card number and 
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payment amount. One of ordinary skill in the art would have been motivated to do this because 
it provides an electronic system that allows users to easily interact with merchants. 

Referring to claim 98, Kausik et al. disclose receiving at a first server (i.e. credential 
server), a transaction request from a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user, wherein said challenge is passed to an intelligent 
token (i.e. physical token) for processing said challenge, (see claim 30 (b) - transmitting, to said 
requestor, a challenge; claim 34 - said transmitting is to a digital wallet of said requestor; col. 4, 
lines 35-46 - the wallet could be installed onto the hard drive or other physical memory of the 
computer ... the invention could also be used in conjunction with a physical token), wherein said 
intelligent token generates a response to said challenge, receiving a response from the user based 
upon said challenge (see claim 30 (c) - receiving an answer to said challenge), processing said 
response to verify the intelligent token (see claim 30 (d) - determining that said answer satisfies 
said challenge ; claim 34 and col. 4-lines 35-46 - physical token ), providing at least a portion of 
said assembled credentials to said user (see claim 30 (e) transmitting said authentication 
credential for said requestor and claim 32 - said credential is a private key), receiving, at a 
second server (i.e. access control server), a second request from said user, said second request 
including said portion of said assembled credentials provided to said user, and validating at said 
second server, said portion of said assembled credentials provided to said user with said key of 
said assembled credentials to thereby permit processing and completion of said transaction (see 
col. 3, lines 43-49 & 61-63). As for assembling credentials for the transaction at said first server, 
said credentials comprising at least one key, this is an inherent step. Notice, Kausik et al. the 
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authentication credential is in existence at said server prior to the request (see claim 30, (a) (i)), 
which implies that the credential has been created. Claim 32 discloses a credential that is a 
private key. Kausik et al. do not expressly disclose accessing required information associated 
with said user from said second server, populating, at said second server, one or more 
corresponding user purchase forms with said required information and said second server 
providing said populated user purchase forms and an authorization response message to a 
merchant for processing and completing said purchase transaction. Schutzer discloses accessing 
required information associated with said user from said second server, populating one or more 
corresponding user purchase forms at said second server with said required information and said 
second server providing said populated user purchase forms and an authorization response 
message to a merchant for processing and completion of said transaction (see col. 2, lines 15-27). 
At the time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to modify the method disclose by Kausik et al. to include the steps of accessing required 
information associated with said user from said second server, populating one or more 
corresponding user purchase forms at said second server with said required information and said 
second server providing said populated user purchase forms and an authorization response 
message to a merchant for processing and completion of said transaction. One of ordinary skill 
in the art would have been motivated to do this because it provides an electronic system that 
allows users to easily interact with merchants. 

Referring to claim 99, Kausik et al. disclose receiving said challenge at said inteUigent 
token (see claim 30 (b) and claim 34 - transmitting, to said requestor, a challenge. . .said 
transmitting is to a digital wallet of a requestor), receiving said personal identifier (i.e. PIN) from 
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said user, said instrument validating said personal identifier sand unlocking said instrument (see 
col. 5, lines 10- 24, the user enters a PDSf to unlock the wallet. ..the PIN is compared with a 
stored hash value. . .if the two hash values agree, the PIN is passed to decryption module.. .the 
decrypted private key is released for use), said intelligent token transmitting said response to said 
first server (see claim 30 (c)). As for the step of said intelligent token prompting said user for a 
personal identifier this is an inherent step. That is, before the user enters the PIN, he must have 
previously been prompted for such entry. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
AppHcant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated fi-om the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS fi-om the date of this 
final action. 
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Any inquiry concerning this conmiunication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is (571) 272-6714. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300 for Regular/After 
Final Actions and 571-273-6714 for Non-Official/Draft. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 



Commissioner of Patents and Trademarks 



P.O. Box 1450 
Alexandria, VA 22313-1450 




Jalatee Worjloh 
Patent Examiner 
Art Unit 3621 



May 1,2006 




